Microsoft Issues 'Fix-It' for Internet Explorer Flaw

Below:

Next story in Security

Microsoft has rushed out a "fix-it" for the critical flaw that
affects all current versions of Internet Explorer. A permanent
fix will be coming tomorrow (Sept. 21).

"The 'Prevent Memory Corruption via ExecCommand in Internet
Explorer' Fix it solution," Microsoft said in a support document posted yesterday (Sept.
19), "is not intended to be a replacement for any security
update. We recommend that you always install the latest
security updates."

Users can download the "fix it" — as well as a second "fix it" to
disable the first, if needs be — directly from the support page.
However, users should first
fully update their versions of Windows and of Internet
Explorer.

Furthermore, the "fix it" works only for 32-bit versions of IE,
not 64-bit ones. (If you don't know what that means, you've
probably got the 32-bit one.)

"It will not affect your ability to browse the Web, and it does
not require a reboot of your computer," Microsoft director of
Trustworthy Computing Yunsun Wee said in a blog posting yesterday.

Users of 64-bit versions of Internet Explorer will have to either
use the more complicated workaround spelled out in Microsoft's
security advisory from Monday.

Or, they can stop using Internet Explorer altogether until
tomorrow, which is when, according to Wee, Microsoft will be
pushing out a permanent fix through an out-of-cycle Windows
Update patch.

"We recommend that you install this update as soon as it is
available," Wee said. "This will not only reinforce the issue
that the Fix It addressed, but cover other issues as well."

The
Internet Explorer flaw lets an attacker gain remote control
of a targeted Windows machine at the same level of privilege as
the current legitimate user. It affects Internet Explorers 6, 7,
8 and 9 on Windows XP, Vista and 7.

Windows 8, due for general release Oct. 26, and its Internet
Explorer 10 browser are not affected.